Category Archives: Exchange Server

iOS 8.2 fixes Exchange-related issues

Posted on by
2

iPhone iOSToday, Apple released an update for iOS which supposedly fixes, amongst other things, some Exchange-related issues. The release notes of iOS 8.2 mention the following Exchange-related fixes:

  • Fixes stability of Mail
  • Addresses an issue that caused certain events in a custom reoccurring meeting to drop from Exchange calendar
  • Fixes an certificate error that prevented configuring an Exchange account behind a third-party gateway
  • Fixes an issue that could cause an organizer’s Exchange meeting notes to be overwritten
  • Resolves an issue that prevented some Calendar events from automatically showing as “busy” after accepting an invite.

However, some existing complaints are not resolved by this update, such as the WiFi performance issue.

It is a natural law that for every bug that is fixed, new ones are introduced. So, some organizations may therefor want to test and accept this iOS update before giving it the green light for their Exchange environment. To block a specific version of iOS, consult this page.

More information on current issues with Exchange ActiveSync and 3rd party devices can be found in support article KB2563324.

The UC Architects Podcast Ep49

Posted on by
Reply

iTunes-Podcast-logo[1]Episode 49 of The UC Architects podcast is now available. This episode is hosted by Steve Goodman, who is joined by Dave Stork, Pat Richard, John A Cook and myself. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

  • PIN lock and other updates to Outlook for iOS and Android
  • Exchange 2013 and Exchange 2010 Coexistence with Kerberos Authentication
  • Training Course: High Availability for Exchange Server 2013
  • Broken IMAP on Exchange 2013 and how to fix it
  • Windows Mobile does not support your new SSL certificate
  • Introducing New-ExchangeWebsite for Exchange 2013
  • A quick look at the Sunrise Calendar app
  • RBAC Manager R2 for Exchange
  • BitTitan offers Nuix-as-a-service
  • PowerShell for MigrationWiz updated
  • Sign in page branding and cloud user self-service password reset for Office 365
  • A better way to recover a mailbox
  • Automated Hybrid Troubleshooting Experience
  • Shared Mailbox Sent Items Changes Coming to Office 365
  • How Groups could be so much better
  • Using the Hybrid Configuration Wizard in Exchange Server 2013
  • Office 365: Deployment Content Moving
  • Azure AD Sync Service Updated
  • Pausing Music When On A #Lync Call – Using the Client SDK
  • Lync Client 2013 – Disable Customer Experience Improvement Program
  • New update for Lync Environment Report now supports custom Word document templates
  • Lync Server 2013 Control Panel crashes when you access the Route tab under the Voice Routing tab
  • Lync client may connect to a non federated partner, even if you though it should not
  • Persistent Chat – December 2014 CU – 500 Internal Server Error
  • Lync / Skype for Business Photo Editor Version 1.0 available now!
  • Do you need a Lync Server license for every Lync Server role–or is this just a Lync licensing myth?
  • Enabling Group Paging on Polycom VVX Phones for Lync or Skype
  • Issues with Unified Contact Store in combination with Lync on-premises & Exchange Online
  • Deep Dive into Set-CsPinSendCAWelcomeMail
  • Skype for Business and Lync troubleshooting 101
  • Update to Skype for Business / Lync Validator KHI reader. Longer list of counters + graphs
  • Book – Deploying and Managing Exchange 2013 HA
  • Book – Exam Ref 70-342 Advanced Solutions of Microsoft Exchange Server 2013
  • Book – Lync Server Cookbook
  • Ignite
  • Stale Hansen – Speaking at Ignite
  • UCBUG Meeting May 13th
  • UCDAY UK – 28th Sept by by Andrew P, Steve, Jason Wynn, Iain Smith, Adam Gent and Tom A

More information on the podcast including references and a link to download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

The UC Architects Podcast Ep48

Posted on by
Reply

iTunes-Podcast-logo[1]Episode 48 of The UC Architects podcast is now available. This episode is hosted by Pat Richard, who is joined by John A Cook, Johan Veldhuis, Justin Morris and Tom Arbuthnot. Editing was done by Andrew Price.

Some of the topics discussed in this episode are:

  • Exam ref 70-342 – Advanced Solutions of Exchange 2013 MCSE is available
  • Download An End-to-end Experience with Groups
  • Considering updating your Domain functional level from Windows 2003?
  • Single-Click Mailbox Conversion
  • Access Exchange 2013 public folders in a hybrid setup
  • Some things to do after leaving Windows Server 2003 (from an Exchange perspective)
  • Multiple OWA Virtual Directories in Exchange 2013
  • Office 365 – Two Azure AD Premium Features Coming To All Subscribers
  • What’s new in Office 365: January 2015
  • February 10, 2015 update for #Lync 2013 (KB2920744)
  • Leveraging SEFAUtil for #Lync Shared Line Appearance (Boss-Admin) Delegate Configuration
  • What to do when you can only hear yourself think while using Jabra Evolve 80
  • What’s New in LyncValidator
  • Introducing #Lync #Skype4B User Manager
  • Automatic Fortune Cookie Utility/ Local & Site-tosite dial plan GUI script
  • Lync Server Cookbook | PACKT Books
  • Skype for Business Notes from Microsoft Office365 Summit | The Lync Dude
  • Connecting IFTTT to Lync – getting IMs when stuff happens
  • Lync Server 2010 CU15 Link 1 Link 2
  • Lync Regions and assigning Dial-In Conference Number
  • Ignite and Enterprise Connect Events

More information on the podcast including references and a link to download the podcast here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.

Role-based Access Control

Posted on by
Reply

security officer RBACIt has been over 5 years (wait, what?) since I wrote an article on Role-based Access Control, or RBAC, in Exchange 2010. At that time, RBAC was a big architectural change in Exchange 2010 over Exchange 2007.

Present day, RBAC is still a much neglected topic in many Exchange organizations. It must be said that most organization can happily live with the default RBAC configuration. They have no need to dive in this versatile model to set up granular permissions in their organization. In bigger organizations, this configuration can also easily become quite complex.

For TechTarget I started writing few articles on the topic of RBAC, starting with the base components. There you can find Part 1, Part 2, and Part 3.

Blocking Outlook App for iOS & Android

Posted on by
12

imageYesterday, Microsoft announced the immediate availability the Outlook for iOS and Outlook for Android preview. These apps are the former app named Acompli, which was acquired by Microsoft in December, last year. It is unlikely that Microsoft will develop and support two similar apps, so one can assume the new Outlook app will replace the current OWA for iOS and OWA for Android (or just OWA for Devices) apps.

The app isn’t without a little controversy:

  • The app stores credentials in a cloud environment from Amazon Web Services for e-mail accounts that don’t support OAuth authorization.
  • The app makes use of a service sitting between the app and your mailbox. This service acts as a sort of proxy (hence it requires those credentials), fetching, (pre)processing and sending e-mail. In some way this is smart, as it makes the app less dependent on back-end peculiarities, using a uniform protocol to communicate with the proxy service.
  • The app does not distinguish between devices (device identities are assigned to your account, which makes sense since the app uses a service to retrieve and process your e-mail).
  • The app does not honor ActiveSync policies, like PIN requirements. While true, this app is not an ordinary Exchange ActiveSync client.

You can read more about this here and here.

In all fairness, when the app was still named Accompli, nobody cried foul. But the app is now rebranded Outlook and property of Microsoft, so it seems this made the app fair game. I hope Microsoft is working behind the scenes to make the new Outlook app enterprise-ready, and I’m sure it won’t be long before we see the app’s services move from AWS to Azure. The whole outrage in the media also seems a bit misplaced, as Connected Accounts in Exchange Online, which will retrieve e-mail from a POP or IMAP mailbox, will also store credentials ‘in the cloud’.

It is recommended to treat the app as a consumer app for now, and you may want to block the app in your organization. I have written on how to accomplish blocking or quarantining faulty iOS updates before. However, in those articles I used the reported OS version to block or quarantine devices. The Outlook app proxy service reports itself as “Outlook for iOS and Android” as device model when querying your mailbox, allowing us to use the DeviceModel parameter for matching.

The cmdlet to block or quarantine the new Outlook app in Exchange 2010, Exchange 2013 or Office 365,  is:

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Block

or, to quarantine:

New-ActiveSyncDeviceAccessRule –QueryString 'Outlook for iOS and Android' –Characteristic DeviceModel –AccessLevel Quarantine

For examples of alternative blocking methods using TMG or F5, check this article. If you need to specify the user agent string, use “Outlook-iOS-Android/1.0” (or partial matching on “Outlook-iOS-Android” to block future updates of the app as well).

As goes for all mobile devices in enterprise environments, as an organization it may be better to test and aprove devices and OS versions rather than to be confronted with mobile apps with possible faulty behavior after an update or which may violate corporate security policies.